Spaces:

Fred808
/

NATO

Paused

App Files Files Community

Fred808 commited on Jul 28, 2025

Commit

e6166c0

verified ·

1 Parent(s): 61792ca

Update Dockerfile

Browse files

Files changed (1) hide show

Dockerfile +94 -269

Dockerfile CHANGED Viewed

@@ -1,303 +1,128 @@
-# Dockerfile
-FROM ubuntu:22.04
-ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && \
-    apt-get install -y --no-install-recommends \
-        wireguard \
-        wireguard-tools \
-        iptables \
-        net-tools \
-        iproute2 \
-        curl \
-        python3 \
-        python3-pip \
-        procps && \
-    apt-get clean && rm -rf /var/lib/apt/lists/*
-# Create wireguard directory
-RUN mkdir -p /etc/wireguard
-# Copy scripts
-COPY entrypoint.sh /usr/local/bin/
-COPY generate_wireguard_config.py /usr/local/bin/
-RUN chmod +x /usr/local/bin/entrypoint.sh /usr/local/bin/generate_wireguard_config.py
-# Expose WireGuard port
-EXPOSE 51820/udp
-ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 ---
-# entrypoint.sh
 #!/bin/bash
-set -e
-echo "🐳 Starting WireGuard Docker Container"
-echo "======================================"
-# Check if running with required capabilities and privileges
-if [ ! -w /proc/sys/net/ipv4/ip_forward ] 2>/dev/null; then
-    echo "⚠️  Warning: Cannot write to /proc/sys - IP forwarding may not work"
-    echo "   Make sure to run with: --sysctl net.ipv4.ip_forward=1"
-else
-    echo "✅ Setting IP forwarding"
-    echo 1 > /proc/sys/net/ipv4/ip_forward
-    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding 2>/dev/null || true
-fi
-# Check for NET_ADMIN capability
-if ! ip link add dummy0 type dummy 2>/dev/null; then
-    echo "❌ ERROR: Container needs NET_ADMIN capability"
-    echo "   Run with: docker run --cap-add=NET_ADMIN ..."
-    exit 1
-else
-    ip link delete dummy0 2>/dev/null || true
-    echo "✅ NET_ADMIN capability confirmed"
-fi
-# Generate config if it doesn't exist
-if [ ! -f /etc/wireguard/wg0.conf ]; then
-    echo "📝 Generating WireGuard configuration..."
-    python3 /usr/local/bin/generate_wireguard_config.py
-else
-    echo "✅ Using existing WireGuard configuration"
-fi
-# Start WireGuard
-echo "🚀 Starting WireGuard interface..."
-wg-quick up wg0
-# Show status
-echo "📊 WireGuard Status:"
-wg show
-# Keep container running and show logs
-echo "✅ WireGuard is running. Monitoring logs..."
-tail -f /dev/null
 ---
-# generate_wireguard_config.py (Docker version)
-#!/usr/bin/env python3
-import os
-import subprocess
-import sys
-WG_DIR = "/etc/wireguard"
-SERVER_PRIVATE = os.path.join(WG_DIR, "privatekey")
-SERVER_PUBLIC = os.path.join(WG_DIR, "publickey")
-PEER_PRIVATE = os.path.join(WG_DIR, "peer1_privatekey")
-PEER_PUBLIC = os.path.join(WG_DIR, "peer1_publickey")
-def generate_keypair(private_path, public_path):
-    """Generate WireGuard key pair"""
-    try:
-        priv = subprocess.check_output(["wg", "genkey"]).decode().strip()
-        with open(private_path, "w") as f:
-            f.write(priv)
-        os.chmod(private_path, 0o600)
-        pub = subprocess.check_output(["wg", "pubkey"], input=priv.encode()).decode().strip()
-        with open(public_path, "w") as f:
-            f.write(pub)
-        os.chmod(public_path, 0o644)
-        return priv, pub
-    except Exception as e:
-        print(f"❌ Error generating keypair: {e}")
-        sys.exit(1)
-def get_public_ip():
-    """Get public IP - try multiple methods for Docker"""
-    import urllib.request
-    # Check for environment variable first (best for Docker)
-    if 'WG_PUBLIC_IP' in os.environ:
-        return os.environ['WG_PUBLIC_IP']
-    methods = [
-        'https://api.ipify.org',
-        'https://ipv4.icanhazip.com',
-        'https://checkip.amazonaws.com',
-        'https://ifconfig.me/ip'
-    ]
-    for url in methods:
-        try:
-            with urllib.request.urlopen(url, timeout=10) as response:
-                ip = response.read().decode().strip()
-                if ip and '.' in ip and len(ip.split('.')) == 4:  # Basic IP validation
-                    return ip
-        except Exception as e:
-            print(f"⚠️  Failed to get IP from {url}: {e}")
-            continue
-    print("⚠️  Could not determine public IP automatically")
-    return "YOUR_PUBLIC_IP_HERE"
-def create_server_config(server_priv, peer_pub):
-    """Create server configuration optimized for Docker"""
-    return f"""[Interface]
-Address = 10.10.0.1/24
-ListenPort = 51820
-PrivateKey = {server_priv}
-PostUp = iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE
-PostUp = iptables -A FORWARD -i wg0 -j ACCEPT
-PostUp = iptables -A FORWARD -o wg0 -j ACCEPT
-PostDown = iptables -t nat -D POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE || true
-PostDown = iptables -D FORWARD -i wg0 -j ACCEPT || true
-PostDown = iptables -D FORWARD -o wg0 -j ACCEPT || true
-[Peer]
-PublicKey = {peer_pub}
-AllowedIPs = 10.10.0.2/32"""
-def create_peer_config(peer_priv, server_pub, public_ip):
-    """Create peer configuration"""
-    return f"""[Interface]
-PrivateKey = {peer_priv}
-Address = 10.10.0.2/24
-DNS = 1.1.1.1, 8.8.8.8
-[Peer]
-PublicKey = {server_pub}
-Endpoint = {public_ip}:51820
-AllowedIPs = 0.0.0.0/0
-PersistentKeepalive = 25"""
-def main():
-    print("🔧 Docker WireGuard Configuration Generator")
-    print("=" * 45)
-    # Skip root check in Docker - we run as root in container
-    print("🐳 Running in Docker container mode")
-    # Create directory (should already exist)
-    os.makedirs(WG_DIR, exist_ok=True)
-    # Generate keys
-    print("🔑 Generating keypairs...")
-    server_priv, server_pub = generate_keypair(SERVER_PRIVATE, SERVER_PUBLIC)
-    peer_priv, peer_pub = generate_keypair(PEER_PRIVATE, PEER_PUBLIC)
-    print("✅ Server and peer keypairs generated")
-    # Get public IP
-    print("🌐 Detecting public IP...")
-    public_ip = get_public_ip()
-    print(f"📍 Public IP: {public_ip}")
-    # Create server config
-    server_config = create_server_config(server_priv, peer_pub)
-    with open(os.path.join(WG_DIR, "wg0.conf"), "w") as f:
-        f.write(server_config)
-    os.chmod(os.path.join(WG_DIR, "wg0.conf"), 0o600)
-    print("✅ Server config written to wg0.conf")
-    # Create peer config
-    peer_config = create_peer_config(peer_priv, server_pub, public_ip)
-    with open(os.path.join(WG_DIR, "peer1.conf"), "w") as f:
-        f.write(peer_config)
-    os.chmod(os.path.join(WG_DIR, "peer1.conf"), 0o600)
-    print("✅ Peer config written to peer1.conf")
-    print("\n🎉 WireGuard configuration completed!")
-    print("\n📱 To get the peer config:")
-    print("   docker exec <container> cat /etc/wireguard/peer1.conf")
-    if public_ip == "YOUR_PUBLIC_IP_HERE":
-        print("\n⚠️  IMPORTANT: Set WG_PUBLIC_IP environment variable or")
-        print("   manually update the Endpoint in peer1.conf!")
-if __name__ == "__main__":
-    main()
 ---
-# docker-compose.yml
 version: '3.8'
 services:
-  wireguard:
-    build: .
-    container_name: wireguard-server
-    cap_add:
-      - NET_ADMIN
-      - SYS_MODULE
     sysctls:
-      - net.ipv4.ip_forward=1
       - net.ipv6.conf.all.forwarding=1
     ports:
-      - "51820:51820/udp"
     volumes:
-      - ./wireguard-config:/etc/wireguard
-      - /lib/modules:/lib/modules:ro
     restart: unless-stopped
-    privileged: true  # Sometimes needed for WireGuard in containers
----
-# docker-run.sh
-#!/bin/bash
-# Build the image
-docker build -t wireguard-server .
-# Run the container
-docker run -d \
-  --name wireguard-server \
-  --cap-add=NET_ADMIN \
-  --cap-add=SYS_MODULE \
-  --sysctl net.ipv4.ip_forward=1 \
-  --sysctl net.ipv6.conf.all.forwarding=1 \
-  -p 51820:51820/udp \
-  -v $(pwd)/wireguard-config:/etc/wireguard \
-  -v /lib/modules:/lib/modules:ro \
-  --restart unless-stopped \
-  --privileged \
-  wireguard-server
-echo "🚀 WireGuard container started!"
-echo "📝 Check logs: docker logs -f wireguard-server"
-echo "📁 Configs will be in: ./wireguard-config/"
 ---
-# Makefile
-.PHONY: build run stop logs clean config
-build:
-	docker build -t wireguard-server .
-run: build
-	mkdir -p wireguard-config
-	docker run -d \
-		--name wireguard-server \
-		--cap-add=NET_ADMIN \
-		--cap-add=SYS_MODULE \
-		--sysctl net.ipv4.ip_forward=1 \
-		--sysctl net.ipv6.conf.all.forwarding=1 \
-		-p 51820:51820/udp \
-		-v $(PWD)/wireguard-config:/etc/wireguard \
-		--restart unless-stopped \
-		--privileged \
-		wireguard-server
-stop:
-	docker stop wireguard-server || true
-	docker rm wireguard-server || true
-logs:
-	docker logs -f wireguard-server
-clean: stop
-	docker rmi wireguard-server || true
-	rm -rf wireguard-config
-config:
-	docker exec wireguard-server cat /etc/wireguard/peer1.conf
-status:
-	docker exec wireguard-server wg show

+# docker-compose.yml for OpenVPN
+version: '3.8'
+services:
+  openvpn:
+    image: kylemanna/openvpn:latest
+    container_name: openvpn-server
+    cap_add:
+      - NET_ADMIN
+    ports:
+      - "1194:1194/udp"
+    volumes:
+      - ./openvpn-data:/etc/openvpn
+    restart: unless-stopped
+    command: ovpn_run
 ---
+# Quick setup script (setup-openvpn.sh)
 #!/bin/bash
+# Replace with your server's public IP or domain
+SERVER_URL="udp://YOUR_SERVER_IP:1194"
+echo "🔧 Setting up OpenVPN server..."
+# Initialize the configuration
+docker-compose run --rm openvpn ovpn_genconfig -u $SERVER_URL
+# Generate the certificate authority
+docker-compose run --rm openvpn ovpn_initpki
+# Start the server
+docker-compose up -d
+echo "✅ OpenVPN server started!"
+echo "📝 To create a client certificate:"
+echo "   docker-compose run --rm openvpn easyrsa build-client-full CLIENTNAME nopass"
+echo "   docker-compose run --rm openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn"
 ---
+# Alternative: Tailscale (even simpler)
+version: '3.8'
+services:
+  tailscale:
+    image: tailscale/tailscale:latest
+    container_name: tailscale-subnet-router
+    hostname: docker-router
+    environment:
+      - TS_AUTHKEY=tskey-auth-your-auth-key-here
+      - TS_ROUTES=10.0.0.0/8,192.168.0.0/16,172.16.0.0/12
+      - TS_STATE_DIR=/var/lib/tailscale
+    volumes:
+      - ./tailscale-state:/var/lib/tailscale
+      - /dev/net/tun:/dev/net/tun
+    cap_add:
+      - NET_ADMIN
+      - SYS_MODULE
+    restart: unless-stopped
 ---
+# Or use a ready-made VPN solution
 version: '3.8'
 services:
+  pritunl:
+    image: jippi/pritunl:latest
+    container_name: pritunl-vpn
+    privileged: true
     sysctls:
+      - net.ipv6.conf.default.forwarding=1
       - net.ipv6.conf.all.forwarding=1
     ports:
+      - "80:80"
+      - "443:443"
+      - "1194:1194/udp"
     volumes:
+      - pritunl_data:/var/lib/pritunl
+      - pritunl_mongodb:/var/lib/mongodb
     restart: unless-stopped
+volumes:
+  pritunl_data:
+  pritunl_mongodb:
 ---
+# Simple SOCKS5 Proxy (lightest option)
+version: '3.8'
+services:
+  dante:
+    image: serjs/go-socks5-proxy
+    container_name: socks5-proxy
+    ports:
+      - "1080:1080"
+    environment:
+      - PROXY_USER=username
+      - PROXY_PASSWORD=password
+    restart: unless-stopped
+---
+# SSH Tunnel (if you just need simple forwarding)
+version: '3.8'
+services:
+  ssh-tunnel:
+    image: alpine:latest
+    container_name: ssh-tunnel-server
+    ports:
+      - "2222:22"
+    volumes:
+      - ./ssh-config:/etc/ssh
+    command: |
+      sh -c "
+        apk add --no-cache openssh &&
+        ssh-keygen -A &&
+        adduser -D -s /bin/sh tunneluser &&
+        echo 'tunneluser:password' | chpasswd &&
+        echo 'GatewayPorts yes' >> /etc/ssh/sshd_config &&
+        echo 'AllowTcpForwarding yes' >> /etc/ssh/sshd_config &&
+        /usr/sbin/sshd -D
+      "
+    restart: unless-stopped